<!doctype html>
<html lang="en-GB">
<head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<link rel="profile" href="https://gmpg.org/xfn/11">
				<meta property="og:image" content="https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg" />
		<meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />
<link rel="alternate" href="https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/" hreflang="en" />
<link rel="alternate" href="https://blog.sekoia.io/fr/marcher-sur-les-empreintes-de-linfrastructure-apt31/" hreflang="fr" />

	<!-- This site is optimized with the Yoast SEO Premium plugin v19.1 (Yoast SEO v19.5.1) - https://yoast.com/wordpress/plugins/seo/ -->
	<title>Walking on APT31 infrastructure footprints</title>
	<meta name="description" content="APT31 is an Advanced Persistent Threat group whose mission is likely to gather intelligence on behalf of the Chinese government." />
	<link rel="canonical" href="https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/" />
	<meta property="og:locale" content="en_GB" />
	<meta property="og:locale:alternate" content="fr_FR" />
	<meta property="og:type" content="article" />
	<meta property="og:title" content="Walking on APT31 infrastructure footprints" />
	<meta property="og:description" content="APT31 is an Advanced Persistent Threat group whose mission is likely to gather intelligence on behalf of the Chinese government." />
	<meta property="og:url" content="https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/" />
	<meta property="og:site_name" content="SEKOIA.IO Blog" />
	<meta property="article:published_time" content="2021-11-10T10:52:00+00:00" />
	<meta property="article:modified_time" content="2022-08-16T15:04:33+00:00" />
	<meta property="og:image" content="https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg" />
	<meta property="og:image:width" content="1200" />
	<meta property="og:image:height" content="900" />
	<meta property="og:image:type" content="image/jpeg" />
	<meta name="author" content="Threat &amp; Detection Research Team" />
	<meta name="twitter:card" content="summary_large_image" />
	<meta name="twitter:creator" content="@sekoia_io" />
	<meta name="twitter:site" content="@sekoia_io" />
	<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#article","isPartOf":{"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/"},"author":{"name":"Threat &amp; Detection Research Team","@id":"https://blog.sekoia.io/#/schema/person/da09b797337da9d4e4f7f50380691671"},"headline":"Walking on APT31 infrastructure footprints","datePublished":"2021-11-10T10:52:00+00:00","dateModified":"2022-08-16T15:04:33+00:00","mainEntityOfPage":{"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/"},"wordCount":2044,"publisher":{"@id":"https://blog.sekoia.io/#organization"},"image":{"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#primaryimage"},"thumbnailUrl":"https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg","keywords":["APT","CTI"],"articleSection":["Blogpost"],"inLanguage":"en-GB","accessibilityFeature":["tableOfContents"]},{"@type":"WebPage","@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/","url":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/","name":"Walking on APT31 infrastructure footprints","isPartOf":{"@id":"https://blog.sekoia.io/#website"},"primaryImageOfPage":{"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#primaryimage"},"image":{"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#primaryimage"},"thumbnailUrl":"https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg","datePublished":"2021-11-10T10:52:00+00:00","dateModified":"2022-08-16T15:04:33+00:00","description":"APT31 is an Advanced Persistent Threat group whose mission is likely to gather intelligence on behalf of the Chinese 
government.","breadcrumb":{"@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#primaryimage","url":"https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg","contentUrl":"https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg","width":1200,"height":900,"caption":"Footprint in snow"},{"@type":"BreadcrumbList","@id":"https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https://blog.sekoia.io/"},{"@type":"ListItem","position":2,"name":"Blogpost","item":"https://blog.sekoia.io/category/blogpost-en/"},{"@type":"ListItem","position":3,"name":"Walking on APT31 infrastructure footprints"}]},{"@type":"WebSite","@id":"https://blog.sekoia.io/#website","url":"https://blog.sekoia.io/","name":"SEKOIA.IO Blog","description":"Neutralize Threats Before Impact","publisher":{"@id":"https://blog.sekoia.io/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://blog.sekoia.io/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https://blog.sekoia.io/#organization","name":"SEKOIA.IO 
Blog","url":"https://blog.sekoia.io/","sameAs":["https://www.linkedin.com/company/sekoia/","https://www.youtube.com/channel/UCuqywUfebOA5GtrwhRKBY4g","https://twitter.com/sekoia_io"],"logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https://blog.sekoia.io/#/schema/logo/image/","url":"https://blog.sekoia.io/wp-content/uploads/2022/05/Logo-sekoia-positif.svg","contentUrl":"https://blog.sekoia.io/wp-content/uploads/2022/05/Logo-sekoia-positif.svg","width":1162,"height":129,"caption":"SEKOIA.IO Blog"},"image":{"@id":"https://blog.sekoia.io/#/schema/logo/image/"}},{"@type":"Person","@id":"https://blog.sekoia.io/#/schema/person/da09b797337da9d4e4f7f50380691671","name":"Threat &amp; Detection Research Team","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https://blog.sekoia.io/#/schema/person/image/","url":"https://secure.gravatar.com/avatar/6ba435e7a31ece8abfbe7465925530c6?s=96&d=mm&r=g","contentUrl":"https://secure.gravatar.com/avatar/6ba435e7a31ece8abfbe7465925530c6?s=96&d=mm&r=g","caption":"Threat &amp; Detection Research Team"},"url":"https://blog.sekoia.io/author/tdr/"}]}</script>
	<!-- / Yoast SEO Premium plugin. -->


<link rel='dns-prefetch' href='//fonts.googleapis.com' />
<link rel="alternate" type="application/rss+xml" title="SEKOIA.IO Blog &raquo; Feed" href="https://blog.sekoia.io/feed/" />
<link rel='stylesheet' id='wp-block-library-css'  href='https://blog.sekoia.io/wp-includes/css/dist/block-library/style.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='spbsm-stylesheet-css'  href='https://blog.sekoia.io/wp-content/plugins/superb-social-share-and-follow-buttons//assets/css/frontend.css?ver=1.1.1' type='text/css' media='all' />
<link rel='stylesheet' id='spbsm-lato-font-css'  href='https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700&#038;display=swap&#038;ver=1.1.1' type='text/css' media='all' />
<link rel='stylesheet' id='notizia-style-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/css/style.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='notizia-style-default-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/style.css?ver=6.0.1' type='text/css' media='all' />
<style id='notizia-style-default-inline-css' type='text/css'>
body, ul.menu li.notizia-single-post-megamenu p {
    font-family: 'Open Sans', sans-serif;
  }
  
  .notizia-headline, ul.menu li:not(.notizia-single-post-megamenu), .notizia-categories-container a, .widgettitle, input[type="search"], .notizia-single-main-content-container-inner h1, .notizia-single-main-content-container-inner h2, .notizia-single-main-content-container-inner h3, .notizia-single-main-content-container-inner h4, .notizia-single-main-content-container-inner h5, .notizia-single-main-content-container-inner h6, .notizia-single-main-content-container-inner blockquote p, .notizia-single-main-content-container-inner .wp-block-quote p, .notizia-pagination .post-page-numbers, .page-numbers, .wp-block-cover__inner-container p, #notizia-login-panel label, #notizia-login-panel .login-submit input, .woocommerce div.product .woocommerce-tabs ul.tabs li a, #review_form_wrapper #reply-title, .woocommerce-MyAccount-navigation ul li, .widget_categories .cat-item, .wp-block-categories .cat-item, .widget_archive li, .wp-block-archives-list li, .widget_product_categories li, #wp-calendar caption, a.rsswidget, .notizia-author-name, .woocommerce-pagination li span, .woocommerce-pagination li a {
    font-family: 'Open Sans', sans-serif;
  }.notizia-color-bg-color, .notizia-pagination .current, .notizia-pagination .post-page-numbers:not(.current):hover, .notizia-pagination .page-numbers:not(.current):hover, a.notizia-color-bg-color:hover, .notizia-buttons-type-1 .notizia-comments-container input[type="submit"], .notizia-buttons-type-2 .notizia-comments-container input[type="submit"], .notizia-buttons-type-3 .notizia-comments-container input[type="submit"]:hover, .notizia-buttons-type-4 .notizia-comments-container input[type="submit"]:hover, svg.notizia-color-bg-color, #notizia-header svg.notizia-color-bg-color, .notizia-buttons-type-3 .notizia-button.wp-block-search__button:hover, .notizia-buttons-type-4 .notizia-button.wp-block-search__button:hover {
    color: #FEFEFE;
  }.notizia-author-img-dot span {
    border: 1px solid #FEFEFE;
  }
  
  .notizia-buttons-type-3 .notizia-button, .notizia-buttons-type-4 .notizia-button, .notizia-buttons-type-3 .notizia-comments-container input[type="submit"], .notizia-buttons-type-4 .notizia-comments-container input[type="submit"], .notizia-bg-color, .widget_media_image figure, .widget_media_image figure figcaption, .notizia-single-main-content-container-inner .notizia-single-sharing-panel .notizia-sharing-icon-container, .wp-caption, table.variations:not(.has-background) tbody, .tabs, .notizia-buttons-type-3 .post-password-form input[type="submit"], .notizia-buttons-type-4 .post-password-form input[type="submit"], .notizia-buttons-type-3 .button:focus, .notizia-buttons-type-4 .button:focus, .notizia-buttons-type-3 .notizia-button.wp-block-search__button, .notizia-buttons-type-4 .notizia-button.wp-block-search__button, table:not(.has-background) tbody, .wp-block-table:not(.is-style-stripes) table:not(.has-background) tbody tr:nth-child(even), .wp-block-table.is-style-stripes tbody tr:nth-child(even), .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-background):nth-of-type(even), .wp-block-coblocks-shape-divider:not(.has-black-background-color):not(.has-cyan-bluish-gray-background-color):not(.has-white-background-color):not(.has-pale-pink-background-color):not(.has-vivid-red-background-color):not(.has-luminous-vivid-orange-background-color):not(.has-luminous-vivid-amber-background-color):not(.has-light-green-cyan-background-color):not(.has-vivid-green-cyan-background-color):not(.has-pale-cyan-blue-background-color):not(.has-vivid-cyan-blue-background-color):not(.has-vivid-purple-background-color), .wp-block-coblocks-icon__inner:not(.has-background) {
    background-color: #FEFEFE;
  }

  .woocommerce-cart-form .woocommerce-cart-form__contents thead, .woocommerce-cart-form .woocommerce-cart-form__contents th, .woocommerce-cart-form .woocommerce-cart-form__contents td, .woocommerce-page table.woocommerce-checkout-review-order-table td, .woocommerce-page table.woocommerce-checkout-review-order-table th, .woocommerce-page table.account-orders-table td, .woocommerce-page table.account-orders-table th, .woocommerce-table--order-downloads th, .woocommerce-table--order-downloads td, table.woocommerce-table--order-details th, table.woocommerce-table--order-details td {
    background-color: #FEFEFE !important;
  }
  
  .notizia-rc-overlay, .notizia-block-overlay {
    background-color: rgba(254, 254, 254, .6);
  }nav ul.menu li a, .widgettitle, .notizia-headline-text-color, .notizia-pagination .post-page-numbers:not(.current), .notizia-pagination .page-numbers:not(.current), .notizia-single-main-content-container .notizia-headline-text-color, .notizia-single-main-content-container-inner h1:not(.has-text-color), .notizia-single-main-content-container-inner h2:not(.notizia-in-block):not(.has-text-color), .notizia-single-main-content-container-inner h3:not(.has-text-color), .notizia-single-main-content-container-inner h4:not(.has-text-color), .notizia-single-main-content-container-inner h5:not(.has-text-color), .notizia-single-main-content-container-inner h6:not(.has-text-color), .notizia-comments-container .notizia-comments-list-container ol.commentlist li.comment .comment-author-name cite a, p.login-remember label, .notizia-archive-header-container:not(.notizia-archive-header-image) form svg, .woocommerce div.product form.cart .variations label, .woocommerce-product-attributes td, .woocommerce-product-attributes td p, table .woocommerce-Price-amount.amount, #add_payment_method table.cart td, #add_payment_method table.cart th, .woocommerce-cart table.cart td, .woocommerce-cart table.cart th, .woocommerce-checkout table.cart td, .woocommerce-checkout table.cart th, #add_payment_method .cart-collaterals .cart_totals table tr:first-child td, #add_payment_method .cart-collaterals .cart_totals table tr:first-child th, .woocommerce-cart .cart-collaterals .cart_totals table tr:first-child td, .woocommerce-cart .cart-collaterals .cart_totals table tr:first-child th, .woocommerce-checkout .cart-collaterals .cart_totals table tr:first-child td, .woocommerce-checkout .cart-collaterals .cart_totals table tr:first-child th, .woocommerce table.shop_table th, .woocommerce table.shop_table td, .woocommerce .star-rating span, pre, #wp-calendar thead, #wp-calendar thead th, .product_meta span, table tr th, .price_slider_amount .price_label, .widget_top_rated_products 
.woocommerce-Price-amount, .wp-block-coblocks-icon__inner:not(.has-text-color) {
    color: #2d2e83;
  }

  .notizia-post-loop-classic article.notizia-widget-post-list-no-image .notizia-headline a, .notizia-post-loop-classic article.notizia-widget-post-list-no-image .notizia-single-readlater-container span, .notizia-post-loop-classic article.notizia-widget-post-list-no-image .notizia-single-readlater-container svg {
    color: #2d2e83 !important;
  }

  .notizia-post-loop-classic article.notizia-widget-post-list-no-image .notizia-single-readlater-container.notizia-in-reading-list svg {
    fill: #2d2e83 !important;
  }

  .woocommerce-Reviews .meta {
    color: #2d2e83 !important;
  }
  
  .notizia-hamburger span, .notizia-section-titles-style-3 .widgettitle:after, .notizia-section-titles-style-3 .notizia-section-title:after {
    background-color: #2d2e83;
  }
  
  svg.custom-svg.notizia-headline-text-color, svg.notizia-sample-mouse-pointer, .notizia-single-header-type-1 .notizia-in-reading-list svg, .notizia-single-header-type-3 .notizia-in-reading-list svg, .notizia-single-header-type-4 .notizia-in-reading-list svg, .notizia-single-header-type-5 .notizia-in-reading-list svg, .notizia-single-header-type-6 + .notizia-single-data-container .notizia-in-reading-list svg, .notizia-single-header-type-7 + .notizia-single-data-container .notizia-in-reading-list svg, .notizia-archive-header-container:not(.notizia-archive-header-image) .notizia-heart-full path, .notizia-archive-header-container:not(.notizia-archive-header-image) .notizia-heart-anim, .notizia-whatsapp svg path, .notizia-telegram svg path, .notizia-decorations-type-3-second circle:last-child, .notizia-decorations-type-4-second path, .notizia-post-loop .notizia-post-no-image .notizia-in-reading-list svg, .notizia-post-no-image .notizia-heart-full, .notizia-eye-catching-layout-deck .notizia-in-reading-list svg, .notizia-eye-catching-layout-horizon .notizia-in-reading-list svg {
    fill: #2d2e83 !important;
  }a, a:focus, .notizia-main-color-text, .notizia-buttons-type-3 .notizia-button, .notizia-buttons-type-4 .notizia-button, #notizia-header h1.site-title a:hover, nav ul.menu li a:hover, nav ul.menu li.is-active > a, nav ul.menu li.is-active > .notizia-menu-chevron-down, nav ul.menu li.is-active > a, nav ul.menu li.is-active > .notizia-menu-chevron-right, nav ul.menu li.is-active > a, nav ul.menu li.is-active > .notizia-menu-chevron-left, .dropdown.menu > li.is-active > a, .widget_search svg, .notizia-buttons-type-3 .notizia-comments-container input[type="submit"], .notizia-buttons-type-4 .notizia-comments-container input[type="submit"], .notizia-rc-label:hover, .notizia-rc-label-active, #notizia-search-panel .notizia-categories-container li, .woocommerce-info::before, section.notizia-post-loop .notizia-pagination span, .is-style-outline>.wp-block-button__link:not(.has-text-color), .wp-block-button__link.is-style-outline:not(.has-text-color), .notizia-buttons-type-3 .post-password-form input[type="submit"], .notizia-buttons-type-4 .post-password-form input[type="submit"], .widget_categories .cat-item a:hover span.notizia-cat-n-posts, .wp-block-categories .cat-item a:hover span.notizia-cat-n-posts, .widget_archive li:hover > a span.notizia-archive-n-posts, .wp-block-archives-list li:hover > a span.notizia-archive-n-posts {
    color: #5452eb;
  }

  #add_payment_method #payment div.payment_box::before, .woocommerce-cart #payment div.payment_box::before, .woocommerce-checkout #payment div.payment_box::before {
    border: 1em solid #5452eb;
    border-right-color: transparent;
    border-left-color: transparent;
    border-top-color: transparent;
  }

  .notizia-post-loop-classic article.notizia-widget-post-list-no-image .notizia-headline:hover a {
    color: #5452eb !important;
  }

  .notizia-buttons-type-1 .post-password-form input[type="submit"]:hover, .notizia-buttons-type-2 .post-password-form input[type="submit"]:hover, .notizia-sharing-icon-container:hover i, .wp-block-button__link:not(.has-text-color):not(.has-background):not(.is-style-outline):hover {
    color: #5452eb !important;
  }
  
  .notizia-button, .notizia-button.wp-block-search__button, .post-password-form input[type="submit"], .notizia-main-bg, .notizia-alert-neutral, .notizia-single-main-content-container-inner .notizia-single-sharing-panel .n-line, .notizia-pagination .current, .notizia-pagination .post-page-numbers:not(.current):hover, .notizia-pagination .page-numbers:not(.current):hover, input[type=checkbox]:checked + .notizia-checkbox-control:after, .notizia-comments-container input[type="submit"], .woocommerce #respond input#submit.alt, .woocommerce a.button.alt, .woocommerce button.button.alt, .woocommerce input.button.alt, .woocommerce span.onsale, .woocommerce div.product .woocommerce-tabs ul.tabs li.active, .woocommerce #respond input#submit, .woocommerce a.button, .woocommerce button.button, .woocommerce input.button, mark, .wp-block-button__link, .notizia-buttons-type-3 .post-password-form input[type="submit"]:hover, .notizia-buttons-type-4 .post-password-form input[type="submit"]:hover, .notizia-buttons-type-1 .button:focus, .notizia-buttons-type-2 .button:focus, .notizia-buttons-type-3 .notizia-button.wp-block-search__button:hover, .notizia-buttons-type-4 .notizia-button.wp-block-search__button:hover, .widget_categories .cat-item span.notizia-cat-n-posts, .widget_categories .cat-item:not(.notizia-cat-item-bg) a:hover, .wp-block-categories .cat-item span.notizia-cat-n-posts, .wp-block-categories .cat-item:not(.notizia-cat-item-bg) a:hover, .wp-block-button.is-style-outline .wp-block-button__link:not(.has-text-color):not(.has-background):hover, .wp-block-file .wp-block-file__button, .widget_archive li span.notizia-archive-n-posts, .widget_archive li:hover > a, .wp-block-archives-list li span.notizia-archive-n-posts, .wp-block-archives-list li:hover > a, .widget_product_categories .cat-item a:hover, #add_payment_method #payment div.payment_box, .woocommerce-cart #payment div.payment_box, .woocommerce-checkout #payment div.payment_box, .woocommerce nav.woocommerce-pagination 
ul li span.current, .woocommerce nav.woocommerce-pagination ul li:hover a, .notizia-eye-catching-layout-full-screen-progress .swiper-pagination-bullet-active:before {
    background-color: #5452eb;
  }

  .woocommerce-info {
    border-top-color: #5452eb;
  }

  .swiper-pagination .swiper-pagination-bullet {
    background: #5452eb;
  }
  
  .notizia-buttons-type-3 .notizia-button, .notizia-buttons-type-4 .notizia-button, .notizia-buttons-type-3 .notizia-comments-container input[type="submit"], .notizia-buttons-type-4 .notizia-comments-container input[type="submit"],  #notizia-search-panel .notizia-categories-container .notizia-selected, #notizia-search-panel .notizia-categories-container li:hover, .post-password-form input[type="submit"], .notizia-buttons-type-3 .notizia-button.wp-block-search__button, .notizia-buttons-type-4, .widget_categories .cat-item:not(.notizia-cat-item-bg) > a, .wp-block-categories .cat-item:not(.notizia-cat-item-bg) > a, .wp-block-button .wp-block-button__link:not(.has-text-color):not(.has-background):not(.is-style-outline), .widget_archive li > a, .wp-block-archives-list li > a, .widget_product_categories li > a {
    border: 2px solid #5452eb;
  }
  
  .notizia-section-titles-style-2 .widgettitle, .notizia-section-titles-style-2 .notizia-section-title, .notizia-post-loop article.sticky h2.notizia-headline {
    background: linear-gradient(rgba(84, 82, 235, 0.3), rgba(84, 82, 235, 0.3)) left bottom no-repeat;
  }

  .notizia-loader-rc, .notizia-loader-rc:before, .notizia-loader-rc:after {
    box-shadow: 0 40px 0 #5452eb; 
  }

  .notizia-post-loop article .notizia-loop-image:after {
    border: 3px solid rgba(84, 82, 235, .6);
  }

  .notizia-decorations-type-3-first circle:last-child, .notizia-decorations-type-4-first path:not(.ntz-h2), .notizia-archive-header-container:not(.notizia-archive-header-image) a svg.custom-svg, .notizia-post-loop .notizia-in-reading-list svg.notizia-main-color-text, .notizia-buttons-type-3 .wp-block-search__button.has-icon svg, .notizia-buttons-type-4 .wp-block-search__button.has-icon svg  {
    fill: #5452eb !important; 
  }

  .notizia-decorations-type-3-second circle:first-child {
    stroke: #5452eb; 
  }
  
  @keyframes notiziaLoaderRc {
      0% {
            box-shadow: 0 15px 0 #5452eb; 
        }
      100% {
            box-shadow: 0 10px 0 #5452eb; 
        } 
    }a:hover, .notizia-main-color-hover-text:hover, .notizia-single-author-contacts-container .notizia-headline-text-color:hover, a.notizia-headline-text-color:hover, .notizia-comments-container .notizia-comments-list-container ol.commentlist li.comment .comment-author-name cite a:hover, .notizia-reading-center-article-image:hover + .cell h2 a, .notizia-post-loop .notizia-loop-image:hover + div h2 a, #notizia-user-panel a:hover svg {
    color: #1b18cd;
  }
  
  .notizia-button:hover, .notizia-tweet-this:hover, .notizia-comments-container input[type="submit"]:hover, .woocommerce #respond input#submit.alt:hover, .woocommerce a.button.alt:hover, .woocommerce button.button.alt:hover, .woocommerce input.button.alt:hover, .woocommerce #respond input#submit:hover, .woocommerce a.button:hover, .woocommerce button.button:hover, .woocommerce input.button:hover, .woocommerce #respond input#submit.disabled:hover, .woocommerce #respond input#submit:disabled:hover, .woocommerce #respond input#submit:disabled[disabled]:hover, .woocommerce a.button.disabled:hover, .woocommerce a.button:disabled:hover, .woocommerce a.button:disabled[disabled]:hover, .woocommerce button.button.disabled:hover, .woocommerce button.button:disabled:hover, .woocommerce button.button:disabled[disabled]:hover, .woocommerce input.button.disabled:hover, .woocommerce input.button:disabled:hover, .woocommerce input.button:disabled[disabled]:hover, .woocommerce .widget_price_filter .ui-slider .ui-slider-range, .woocommerce .widget_price_filter .ui-slider .ui-slider-handle {
    background-color: #1b18cd;
  }
  
  svg.custom-svg.notizia-headline-text-color:hover, a:hover svg.custom-svg {
    fill: #1b18cd;
  }.notizia-text-on-main-color, .notizia-text-on-main-color:hover, .woocommerce #respond input#submit.alt, .woocommerce a.button.alt, .woocommerce button.button.alt, .woocommerce input.button.alt, .woocommerce span.onsale, .woocommerce div.product .woocommerce-tabs ul.tabs li, .woocommerce #respond input#submit, .woocommerce a.button, .woocommerce button.button, .woocommerce input.button, .woocommerce #respond input#submit:hover, .woocommerce a.button:hover, .woocommerce button.button:hover, .woocommerce input.button:hover, mark, .wp-block-button:not(.is-style-outline) .wp-block-button__link:not(.has-text-color), .notizia-tweet-this, .notizia-tweet-this:hover, .notizia-tweet-this:focus, .notizia-buttons-type-1 .post-password-form input[type="submit"], .notizia-buttons-type-2 .post-password-form input[type="submit"], .notizia-buttons-type-3 .post-password-form input[type="submit"]:hover, .notizia-buttons-type-4 .post-password-form input[type="submit"]:hover, .widget_categories .cat-item:not(.notizia-cat-item-bg) a:hover, .wp-block-categories .cat-item:not(.notizia-cat-item-bg) a:hover, .notizia-buttons-type-1 .notizia-button, .notizia-buttons-type-1 a.notizia-button, .notizia-buttons-type-2 .notizia-button, .notizia-buttons-type-2 a.notizia-button, .notizia-buttons-type-3 .notizia-button:hover, .notizia-buttons-type-4 .notizia-button:hover, .wp-block-button.is-style-outline .wp-block-button__link:not(.has-text-color):not(.has-background):hover, .wp-block-file .wp-block-file__button, .widget_archive li:hover > a, .wp-block-archives-list li:hover > a, .widget_product_categories .cat-item a:hover, #add_payment_method #payment div.payment_box p, .woocommerce-cart #payment div.payment_box p, .woocommerce-checkout #payment div.payment_box p, .woocommerce-pagination ul li span, .woocommerce nav.woocommerce-pagination ul li:hover a {
    color: #f7f7fc !important;
  }

  .widget_categories .cat-item a:not(:hover) span.notizia-cat-n-posts, .wp-block-categories .cat-item a:not(:hover) span.notizia-cat-n-posts,  .widget_archive li:not(:hover) span.notizia-archive-n-posts, .wp-block-archives-list li:not(:hover) span.notizia-archive-n-posts {
    color: #f7f7fc;
  }
  
  .notizia-tweet-this svg, .notizia-next-prev-tax .notizia-heart-full path, #notizia-reading-center .notizia-reading-center-content .feather-heart.animate__heartBeat path, .notizia-single-header-type-2 .notizia-in-reading-list svg, .notizia-reading-center-content .feather-bookmark.notizia-shake-lr, .notizia-post-loop .notizia-in-reading-list svg, .notizia-archive-header-image .notizia-heart-full path, .notizia-buttons-type-1 .wp-block-search__button.has-icon svg, .notizia-buttons-type-2 .wp-block-search__button.has-icon svg, .notizia-buttons-type-3 .wp-block-search__button.has-icon:hover svg, .notizia-buttons-type-4 .wp-block-search__button.has-icon:hover svg {
    fill: #f7f7fc !important;
  }
  
  .notizia-buttons-type-1 .post-password-form input[type="submit"]:hover, .notizia-buttons-type-2 .post-password-form input[type="submit"]:hover, .widget_categories .cat-item a:hover span.notizia-cat-n-posts, .wp-block-categories .cat-item a:hover span.notizia-cat-n-posts, .wp-block-button__link:not(.has-text-color):not(.has-background):not(.is-style-outline):hover, .widget_archive li:hover > a span.notizia-archive-n-posts, .wp-block-archives-list li:hover > a span.notizia-archive-n-posts {
    background-color: #f7f7fc;
  }.notizia-loader, .notizia-loader:after, .notizia-loader:before {
      box-shadow: 0 40px 0 #f7f7fc; 
    }
    
    @keyframes notiziaLoader {
      0% {
            box-shadow: 0 15px 0 #f7f7fc; 
        }
      100% {
            box-shadow: 0 10px 0 #f7f7fc; 
        } 
    }.notizia-secondary-color-text, .wp-block-coblocks-shape-divider:not(.has-black-color):not(.has-cyan-bluish-gray-color):not(.has-white-color):not(.has-pale-pink-color):not(.has-vivid-red-color):not(.has-luminous-vivid-orange-color):not(.has-luminous-vivid-amber-color):not(.has-light-green-cyan-color):not(.has-vivid-green-cyan-color):not(.has-pale-cyan-blue-color):not(.has-vivid-cyan-blue-color):not(.has-vivid-purple-color) {
    color: #f0f0fa;
  }
  
  .notizia-secondary-color-bg, .notizia-single-main-content-container-inner figure:not(.has-background) blockquote, .notizia-single-main-content-container-inner .wp-block-quote, .notizia-pagination .post-page-numbers:not(.current), .notizia-pagination .page-numbers:not(.current), #notizia-search-panel .notizia-categories-container li, .woocommerce div.product .woocommerce-tabs ul.tabs li, .woocommerce #respond input#submit.alt.disabled, .woocommerce #respond input#submit.alt.disabled:hover, .woocommerce #respond input#submit.alt:disabled, .woocommerce #respond input#submit.alt:disabled:hover, .woocommerce #respond input#submit.alt:disabled[disabled], .woocommerce #respond input#submit.alt:disabled[disabled]:hover, .woocommerce a.button.alt.disabled, .woocommerce a.button.alt.disabled:hover, .woocommerce a.button.alt:disabled, .woocommerce a.button.alt:disabled:hover, .woocommerce a.button.alt:disabled[disabled], .woocommerce a.button.alt:disabled[disabled]:hover, .woocommerce button.button.alt.disabled, .woocommerce button.button.alt.disabled:hover, .woocommerce button.button.alt:disabled, .woocommerce button.button.alt:disabled:hover, .woocommerce button.button.alt:disabled[disabled], .woocommerce button.button.alt:disabled[disabled]:hover, .woocommerce input.button.alt.disabled, .woocommerce input.button.alt.disabled:hover, .woocommerce input.button.alt:disabled, .woocommerce input.button.alt:disabled:hover, .woocommerce input.button.alt:disabled[disabled], .woocommerce input.button.alt:disabled[disabled]:hover, .woocommerce .widget_price_filter .price_slider_wrapper .ui-widget-content, blockquote, .pullquote, .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-background), .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-background):nth-of-type(odd), .wp-block-coblocks-author:not(.has-background), #add_payment_method #payment, .woocommerce-cart #payment, .woocommerce-checkout #payment, 
.woocommerce-pagination ul li a {
    background-color: #f0f0fa;
  }

  .wp-block-coblocks-accordion-item__title:not(.has-background) {
    background-color: #f0f0fa !important;
  }
  
  .wp-block-coblocks-accordion-item__title:not(.has-background) + .wp-block-coblocks-accordion-item__content {
    border: 1px solid #f0f0fa !important;
  }.notizia-text-on-secondary-color, .notizia-single-main-content-container-inner blockquote p, .notizia-single-main-content-container-inner .wp-block-quote p, .notizia-pagination .post-page-numbers:not(.current), .notizia-pagination .page-numbers:not(.current), .notizia-single-main-content-container-inner blockquote:not(.has-text-color) cite, .notizia-single-main-content-container-inner .wp-block-quote:not(.has-text-color) cite, .wp-block-coblocks-accordion .wp-block-coblocks-accordion-item__title:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) p:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) h1:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) h2:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) h3:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) h4:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) h5:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) h6:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) ul:not(.has-text-color), .wp-block-coblocks-media-card__content .wp-block-coblocks-row__inner:not(.has-text-color) ol:not(.has-text-color), .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-text-color):nth-of-type(odd) span, .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-text-color):nth-of-type(odd) ul li, .wp-block-coblocks-author:not(.has-text-color) .wp-block-coblocks-author__name, .wp-block-coblocks-author:not(.has-text-color) .wp-block-coblocks-author__biography, #add_payment_method #payment, 
.woocommerce-cart #payment, .woocommerce-checkout #payment p, .woocommerce-checkout #payment label, .woocommerce-pagination ul li a {
    color: #2d2e83;
  }.notizia-main-text-color-text, .notizia-main-text-color-text p, .widget_text p, .widget_text ul, .widget_text ol, .notizia-single-main-content-container p, .notizia-single-main-content-container-inner dl, .notizia-single-main-content-container-inner address, .notizia-single-main-content-container-inner p, .notizia-single-main-content-container-inner label, .notizia-single-main-content-container-inner figure figcaption, .widget_media_image .wp-caption-text, .notizia-single-main-content-container-inner ul, .notizia-single-main-content-container-inner ol, .comment-notes, .wp-block-preformatted, .woocommerce div.product .woocommerce-tabs ul.tabs li a, .woocommerce #respond input#submit.alt.disabled, .woocommerce #respond input#submit.alt.disabled:hover, .woocommerce #respond input#submit.alt:disabled, .woocommerce #respond input#submit.alt:disabled:hover, .woocommerce #respond input#submit.alt:disabled[disabled], .woocommerce #respond input#submit.alt:disabled[disabled]:hover, .woocommerce a.button.alt.disabled, .woocommerce a.button.alt.disabled:hover, .woocommerce a.button.alt:disabled, .woocommerce a.button.alt:disabled:hover, .woocommerce a.button.alt:disabled[disabled], .woocommerce a.button.alt:disabled[disabled]:hover, .woocommerce button.button.alt.disabled, .woocommerce button.button.alt.disabled:hover, .woocommerce button.button.alt:disabled, .woocommerce button.button.alt:disabled:hover, .woocommerce button.button.alt:disabled[disabled], .woocommerce button.button.alt:disabled[disabled]:hover, .woocommerce input.button.alt.disabled, .woocommerce input.button.alt.disabled:hover, .woocommerce input.button.alt:disabled, .woocommerce input.button.alt:disabled:hover, .woocommerce input.button.alt:disabled[disabled], .woocommerce input.button.alt:disabled[disabled]:hover, .woocommerce .widget_recent_reviews .reviewer, .woocommerce .star-rating::before, .woocommerce-Addresses address, .woocommerce-customer-details address, .wp-caption-text, .widget_rss 
.rssSummary, .widget_rss .rss-date, .wp-block-calendar table caption, .wp-block-calendar table tbody, li.pingback, .wpcf7-response-output, .notizia-archive-header-container:not(.notizia-archive-header-image) input[type="search"], #notizia-search-panel input[type="search"], .notizia-404-search-form input[type="search"], input[name="post_password"], label[for="wp-comment-cookies-consent"], table td, pre, #wp-calendar caption, .notizia-single-main-content-container-inner hr, .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-text-color):nth-of-type(even) span, .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-text-color):nth-of-type(even) ul li {
    color: #111233;
  }

  .notizia-sharing-icon-container, table:not(.variations):not(.woocommerce-cart-form__contents):not(.shop_table):not(#wp-calendar):not(.woocommerce-grouped-product-list), .wp-block-coblocks-pricing-table .wp-block-coblocks-pricing-table-item:not(.has-background):nth-of-type(even) {
    border: 1px solid #111233 !important;
  }

  .notizia-eye-catching-text-box .notizia-dot {
    background-color: #111233;
  }

  .wp-block-table.is-style-stripes {
    border: 0;
    border-bottom: 1px solid #111233;
  }

  table:not(.wp-calendar-table):not(.variations) td, table:not(.wp-calendar-table):not(.variations):not(.woocommerce-cart-form__contents) th, [type="text"], [type="password"], [type="date"], [type="datetime"], [type="datetime-local"], [type="month"], [type="week"], [type="email"], [type="number"], [type="search"], [type="tel"], [type="time"], [type="url"], [type="color"], textarea, .select2-container--default .select2-selection--single, .woocommerce form.checkout_coupon, .woocommerce form.login, .woocommerce form.register {
    border: 1px solid rgba(17, 18, 51, .55);
  }

  .notizia-checkbox-control {
    border: 2px solid rgba(17, 18, 51, .55);
  }

  table:not(.variations):not(.shop_table):not(.woocommerce-table--order-downloads):not(.account-orders-table):not(.woocommerce-table--order-details) thead, table:not(.variations):not(.woocommerce-table--order-downloads):not(.account-orders-table):not(.woocommerce-table--order-details):not(.shop_table) thead tr th, table:not(.variations):not(.woocommerce-table--order-downloads):not(.account-orders-table):not(.woocommerce-table--order-details):not(.shop_table) tfoot {
    background-color: rgba(17, 18, 51, .2);
    color: #111233;
  }

  table#wp-calendar {
    box-shadow: 0 0 0 1px rgba(17, 18, 51, .2);
  }

  table:not(.variations):not(.has-background):not(.woocommerce-grouped-product-list) tr:nth-child(even), .wp-block-table.is-style-stripes table:not(.has-background) tbody tr:nth-child(odd) {
    background-color: rgba(17, 18, 51, .1) !important;
  }

  .wp-block-columns .notizia-single-column {
    border-color: rgba(17, 18, 51, .15);
  }
  
  .notizia-single-featured-bg {
    background-color: rgba(17, 18, 51, .12);
  }

  .notizia-post-loop-4-second-half .notizia-post-count-2:after, .notizia-post-loop-5-third-third article:after, .notizia-post-loop-5-second-third article:after, .notizia-post-loop-8-first-third article:after, .notizia-post-loop article:before {
    background-color: rgba(17, 18, 51, .15);
  }
  
  .widget_search input[type="search"], .wp-block-search__input, .wp-block-search__input:focus, .wp-block-search__button-inside .wp-block-search__inside-wrapper {
    background-color: rgba(17, 18, 51, .06);
    color: #111233;
  }
  
  .notizia-single-author-box {
    border-top: 1px solid rgba(17, 18, 51, .18);
    border-bottom: 1px solid rgba(17, 18, 51, .18);
  }

   .notizia-single-review-box {
    border-top: 1px solid rgba(17, 18, 51, .18);
  }
  
  .notizia-end-share-panel, .notizia-no-author-box-border, .widget_rss li:not(:last-child) {
    border-bottom: 1px solid rgba(17, 18, 51, .18) !important;
  }

  .woocommerce-cart-form .woocommerce-cart-form__contents tr td, .woocommerce-cart-form .woocommerce-cart-form__contents th, .woocommerce-page table.woocommerce-checkout-review-order-table td, .woocommerce-page table.woocommerce-checkout-review-order-table th, .woocommerce-page table.woocommerce-checkout-review-order-table td, .woocommerce-page table.woocommerce-checkout-review-order-table td, .woocommerce-page table.account-orders-table th, .woocommerce-page table.account-orders-table td, .woocommerce-page table.woocommerce-table--order-downloads th, .woocommerce-page table.woocommerce-table--order-downloads td, .woocommerce-page table.woocommerce-table--order-details th, .woocommerce-page table.woocommerce-table--order-details td, table.woocommerce-grouped-product-list tr { 
    border: none;
    border-bottom: 1px solid rgba(17, 18, 51, .18) !important;
  }
  
  .notizia-comments-list-container {
    border-top: 1px solid rgba(17, 18, 51, .18);
  }
  
  .notizia-comments-list-container ol.commentlist ul.children {
    border-left: 6px solid rgba(17, 18, 51, .2);
  }
  
  .notizia-archive-header-container:not(.notizia-archive-header-image) input[type="search"], #notizia-search-panel input[type="search"], .notizia-404-search-form input[type="search"], input[name="post_password"] {
    border: 2px solid rgba(17, 18, 51, .2);
  }
  
  .notizia-decorations-type-1 path, .notizia-decorations-type-2 path {
    fill: rgba(17, 18, 51, .4);
  }

  .notizia-decorations-type-3-first circle:first-child {
    stroke: rgba(17, 18, 51, .45);
  }
  
  .notizia-decorations-type-4-first g path {
    fill: rgba(17, 18, 51, .45);
  }.notizia-next-prev-post {
    background-color: #FFFFFF;
  }.notizia-card-headline-text-color  {
    color: #2d2e83;
  }.notizia-card-text-color  {
    color: #111233;
  }body:not(.logged-in).notizia-header-type-1 .notizia-reading-center-icon-container:after, body:not(.logged-in).notizia-header-type-2 .notizia-reading-center-icon-container:after, body:not(.logged-in).notizia-header-type-3 .notizia-reading-center-icon-container:after, #notizia-reading-center .notizia-reading-center-article-status span, .notizia-reading-center-icon-container.notizia-new-content:after {
    background-color: #72D635;
  }#notizia-header h1.site-title a, #notizia-header .notizia-site-description {
    color: #2d2e83;
  }#notizia-header, .notizia-header-type-1 #notizia-header nav ul.accordion-menu, .notizia-header-type-1 nav.notizia-nav-bg, .notizia-header-type-2 nav.notizia-mobile-menus.notizia-menu-open, .notizia-header-type-3 .notizia-side-panel-menu, .notizia-megamenu.notizia-mobile-menu-element ul.notizia-div-megamenu {
    background-color: #ffffff;
  }
  
  .notizia-header-type-2 .notizia-reading-center-icon-container:hover span, .notizia-header-type-2 #notizia-header .notizia-reading-center-icon-container:hover .feather, .notizia-header-type-2 .notizia-reading-center-icon-container.notizia-reading-center-active span, .notizia-header-type-2 .notizia-reading-center-icon-container.notizia-reading-center-active svg.feather {
    color: #ffffff !important;
  }.notizia-header-type-1 #notizia-header, .notizia-header-type-2 .notizia-site-title-logo, .notizia-header-type-2 .notizia-reading-center-icon-container, .notizia-header-type-3 #notizia-header, .notizia-reading-center-index {
    border-bottom: 1px solid #b2b2e4;
  }
  
  .notizia-header-type-2 .notizia-reading-center-icon-container {
    border-top: 1px solid #b2b2e4;
  }
  
  .notizia-header-type-2 .notizia-search-input-container input, .notizia-header-type-2 .notizia-search-input-container input:focus {
    border: 2px solid #b2b2e4;
  }
  
  .notizia-header-type-2 .notizia-mobile-menu-2-container:before, .notizia-header-type-3 .notizia-c-mobile-menu-1 + .notizia-c-mobile-menu-2:before {
    background-color: #b2b2e4;
  }
  
  .notizia-header-type-3 .notizia-side-panel-menu {
    border-left: 1px solid #b2b2e4;
  }
  
  .notizia-header-type-2 #notizia-header {
    border-right: 1px solid #b2b2e4;
  }.notizia-header-type-1 #notizia-header nav ul.menu.dropdown > li > a, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown .notizia-menu-chevron-down, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown .notizia-menu-chevron-right, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown .notizia-menu-chevron-left, #notizia-header svg:not(.notizia-text-on-main-color):not(.feather-calendar), .notizia-header-type-1 #notizia-header nav ul.accordion-menu li a, .notizia-header-type-2 #notizia-header .menu > li a, .notizia-reading-center-icon-container span, .notizia-reading-center-icon-container .feather, .notizia-header-type-2 .notizia-account-icon-container, .notizia-header-type-2 svg.feather-user, .notizia-header-type-2 #notizia-header ul.notizia-mobile-menu ul.sub-menu li a, .notizia-header-type-3 #notizia-header ul > li a, .notizia-header-type-3 .notizia-side-panel-menu ul li a, .notizia-header-type-3 .notizia-side-panel-menu .notizia-side-panel-inner-container .notizia-side-panel-inner-container-inner ul.menu.accordion-menu .feather:not(.feather-calendar), .notizia-header-type-3 .notizia-login-act-show.show-for-medium-down:not(.notizia-login-button) {
    color: #7172a3;
  }
  
  .notizia-hamburger span {
    background-color: #7172a3;
  }.notizia-header-type-1 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown > li:hover > a, .notizia-header-type-1 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown li:hover > a + .notizia-menu-chevron-down, .notizia-header-type-1 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown li:hover > a + .notizia-menu-chevron-right, .notizia-header-type-1 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown li:hover > a + .notizia-menu-chevron-left, .notizia-header-type-2 #notizia-header .menu > li:hover > a, .notizia-header-type-2 #notizia-header .menu > li:hover > a + svg, .notizia-header-type-2 .notizia-account-icon-container:hover, .notizia-header-type-2 #notizia-header .notizia-account-icon-container:hover svg.feather:not(.feather-file-text-log-out):not(.feather-key):not(.feather-log-in):not(.feather-file-text):not(.feather-log-out), .notizia-header-type-3 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown > li:hover > a, .notizia-header-type-3 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown li:hover > a + .notizia-menu-chevron-down, .notizia-header-type-3 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown li:hover > a + .notizia-menu-chevron-right, .notizia-header-type-3 #notizia-header:not(.notizia-transparent-header) nav ul.menu.dropdown li:hover > a + .notizia-menu-chevron-left, .notizia-header-type-3 .notizia-side-panel-menu .notizia-side-panel-inner-container .notizia-side-panel-inner-container-inner ul.menu li:hover > a, .notizia-header-type-3 .notizia-side-panel-menu .notizia-side-panel-inner-container .notizia-side-panel-inner-container-inner ul.menu.accordion-menu li:hover > button .feather, #notizia-header .feather-bell:hover, #notizia-header .feather-search:hover, #notizia-header .feather-user:hover, .notizia-megamenu-element-active, .notizia-megamenu-element-active > a, .notizia-megamenu-element-active > a + svg, 
.notizia-div-megamenu-desktop .notizia-pagination span, .notizia-div-megamenu-mobile .notizia-pagination span, .notizia-div-megamenu-desktop .notizia-readmore, .notizia-div-megamenu-mobile .notizia-readmore, #notizia-user-panel a:hover svg, li.notizia-user-menu a:hover svg, li.notizia-user-menu li:hover a, li.notizia-user-menu li:hover svg {
    color: #5452eb !important;
  }
  
  .notizia-header-type-2 header:not(.notizia-transparent-header) .notizia-reading-center-icon-container:hover, .notizia-header-type-2 header:not(.notizia-transparent-header) .notizia-reading-center-icon-container.notizia-reading-center-active {
    background-color: #5452eb;
  }.notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul li > a, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul .notizia-menu-chevron-down, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul .notizia-menu-chevron-right, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul .notizia-menu-chevron-left, .notizia-header-type-2 #notizia-header .menu .sub-menu > li a, .notizia-header-type-2 #notizia-header .menu .sub-menu > li a + svg, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul li > a, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul .notizia-menu-chevron-down, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul .notizia-menu-chevron-right, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul .notizia-menu-chevron-left, .notizia-submenu-link {
    color: #111233;
  }.notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul > li:hover > a, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul li:hover > a + .notizia-menu-chevron-down, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul li:hover > a + .notizia-menu-chevron-right, .notizia-header-type-1 #notizia-header nav ul.menu.dropdown ul li:hover > a + .notizia-menu-chevron-left, .notizia-header-type-1 #notizia-header nav ul.accordion-menu li:hover > a, .notizia-header-type-1 #notizia-header nav ul.accordion-menu li:hover > a + button .feather, .notizia-header-type-2 #notizia-header .menu .sub-menu > li:hover > a, .notizia-header-type-2 #notizia-header .menu .sub-menu > li:hover > a + svg, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul > li:hover > a, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul li:hover > a + .notizia-menu-chevron-down, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul li:hover > a + .notizia-menu-chevron-right, .notizia-header-type-3 #notizia-header nav ul.menu.dropdown ul li:hover > a + .notizia-menu-chevron-left, .notizia-header-type-3 #notizia-header nav ul.accordion-menu li:hover > a, .notizia-header-type-3 #notizia-header nav ul.accordion-menu li:hover > a + button .feather, .notizia-submenu-link:hover {
    color: #3351DD;
  }.notizia-header-type-1 nav.notizia-main-menu-container ul.dropdown.menu ul.sub-menu, .notizia-header-type-2 nav.notizia-main-menu-container ul .sub-menu, .notizia-header-type-3 nav.notizia-main-menu-container ul.dropdown.menu ul.sub-menu, #notizia-reading-center, .notizia-exceeding-categories-container, #notizia-user-panel, .notizia-div-megamenu-desktop, #notizia-search-bar {
    background-color: #F9F9F9;
  }
  
  .notizia-header-type-1 #notizia-header nav ul.dropdown.menu .sub-menu:before, .notizia-header-type-3 #notizia-header nav ul.dropdown.menu .sub-menu:before, .notizia-header-type-1 #notizia-reading-center:before, .notizia-header-type-3 #notizia-reading-center:before, body .notizia-categories-container .notizia-exceeding-categories-container:before, .notizia-header-type-1 #notizia-user-panel:before, .notizia-header-type-3 #notizia-user-panel:before, #notizia-search-bar:before {
    border-bottom-color: #F9F9F9 !important;
  }
  
  .notizia-header-type-1 #notizia-header nav ul.dropdown.menu .sub-menu .sub-menu:before, .notizia-header-type-3 #notizia-header nav ul.dropdown.menu .sub-menu .sub-menu:before {
    border-right-color: #F9F9F9;
    border-bottom-color: transparent !important;
  }
  
  .notizia-header-type-2 #notizia-header .notizia-desktop-menu .sub-menu:before, .notizia-header-type-2 #notizia-reading-center:before, .notizia-header-type-2 #notizia-user-panel:before {
    border-right-color: #F9F9F9;
  }
  
  .notizia-megamenu-overlay {
    background-color: rgba(249, 249, 249, .6);
  }.notizia-submenu-text, .notizia-single-post-megamenu-data svg, .notizia-single-post-megamenu-data span {
    color: #111233;
  }.notizia-social-menu-container span, .notizia-social-menu-label {
    color: #7172a3;
  }
    @keyframes notiziaLoaderFooter {
      0% {
            box-shadow: 0 15px 0 #0d0044; 
        }
      100% {
            box-shadow: 0 10px 0 #0d0044; 
        } 
    }.notizia-eye-catching-layout-magazine, .notizia-eycm-bg {
    background-color: #ffffff;
  }
  
  .notizia-eycm-text, .notizia-eycm-text:hover, .notizia-eycm-text:focus, .notizia-eycm-text:active {
    color: #2d2e83;
  }
  
  .notizia-eycm-text-bg {
    background-color: #2d2e83;
  }
  
  .notizia-eycm-bg-text {
    color: #ffffff;
  }#notizia-footer, #notizia-footer aside .wp-caption-text, #notizia-footer aside .widget_media_image figure, #notizia-footer .widget_categories .cat-item, #notizia-footer .wp-block-categories .cat-item, #notizia-footer .widget_categories .cat-item:not(.notizia-cat-item-bg) a:hover span.notizia-cat-n-posts, #notizia-footer table:not(.has-background) tbody, #notizia-footer .widget_archive li, #notizia-footer .wp-block-archives-list li, #notizia-footer .widget_archive li:hover > a span.notizia-archive-n-posts, #notizia-footer .widget_product_categories .cat-item, #notizia-footer .widget_product_categories .cat-item a:hover, #notizia-footer .wp-caption {
    background-color: #0d0044;
  }.notizia-sidebar-footer .widget_categories .cat-item a:not(:hover) span.notizia-cat-n-posts, .notizia-sidebar-footer .wp-block-categories .cat-item a:not(:hover) span.notizia-cat-n-posts, #notizia-footer .widget_categories .cat-item a:hover, .notizia-sidebar-footer .widget_archive li:not(:hover) span.notizia-archive-n-posts, .notizia-sidebar-footer .wp-block-archives-list li:not(:hover) span.notizia-archive-n-posts, #notizia-footer .widget_archive li:hover > a, #notizia-footer .notizia-sidebar-footer .widget_product_categories .cat-item a:hover, .notizia-buttons-type-1 #notizia-footer .widget.notizia-postlist .notizia-loop-load-more .notizia-button span, .notizia-buttons-type-2 #notizia-footer .widget.notizia-postlist .notizia-loop-load-more .notizia-button span, .notizia-buttons-type-3 #notizia-footer .notizia-button:hover span, .notizia-buttons-type-4 #notizia-footer .notizia-button:hover span, #notizia-footer .notizia-single-review-score span {
    color: #0d0044 !important;
  }
  
  #notizia-footer .widget.notizia-postlist .notizia-loader, #notizia-footer .widget.notizia-postlist .notizia-loader:after, #notizia-footer .widget.notizia-postlist .notizia-loader:before {
    box-shadow: 0 40px 0 #0d0044;
  }#notizia-footer .notizia-footer-logo-container h1 a, #notizia-footer .notizia-footer-logo-container p, #notizia-footer aside h2.widgettitle, #notizia-footer .widget.notizia-postlist .notizia-post-loop-classic .notizia-widget-post-list-no-image .notizia-single-readlater-container {
    color: #ffffff !important;
  }
  
  #notizia-footer .widget.notizia-postlist .notizia-post-loop-classic .notizia-widget-post-list-no-image .notizia-single-readlater-container.notizia-in-reading-list svg {
    fill: #ffffff !important;
  }#notizia-footer .notizia-copyright-text p, #notizia-footer aside p:not(.notizia-excerpt-post-list-widget), #notizia-footer aside ul, #notizia-footer aside ol, #notizia-footer aside .wp-caption-text, #notizia-footer aside caption, #notizia-footer .price_slider_amount .price_label, #notizia-footer .widget_top_rated_products .woocommerce-Price-amount, #notizia-footer .notizia-post-loop-classic .notizia-excerpt-post-list-widget, #notizia-footer .rssSummary, #notizia-footer .rss-date {
    color: #ffffff !important;
  }
  
  #notizia-footer table thead {
    background-color: rgba(255, 255, 255, .2);
    color: #ffffff;
  }

  #notizia-footer table#wp-calendar {
    box-shadow: 0 0 0 1px rgba(255, 255, 255, .2);
  }

  #notizia-footer [type="text"], #notizia-footer [type="password"], #notizia-footer [type="date"], #notizia-footer [type="datetime"], #notizia-footer [type="datetime-local"], #notizia-footer [type="month"], #notizia-footer [type="week"], #notizia-footer [type="email"], #notizia-footer [type="number"], #notizia-footer [type="search"], #notizia-footer [type="tel"], #notizia-footer [type="time"], #notizia-footer [type="url"], #notizia-footer [type="color"], #notizia-footer textarea, #notizia-footer .select2-container--default .select2-selection--single {
    border: 1px solid rgba(255, 255, 255, .55);
  }
  
  #notizia-footer table thead th {
    color: #ffffff;
  }

  #notizia-footer .widget_rss li:not(:last-child) {
    border-bottom: 1px solid rgba(255, 255, 255, .18) !important;
  }
  
  #notizia-footer table tr:nth-child(even), #notizia-footer .wp-block-table.is-style-stripes table:not(.has-background) tbody tr:nth-child(odd) {
    background-color: rgba(255, 255, 255, .1);
  }#notizia-footer a, #notizia-footer .notizia-footer-social-container i, body #notizia-footer .notizia-sidebar-footer .widget_categories .cat-item:not(.notizia-cat-item-bg) a:hover span.notizia-cat-n-posts, .notizia-sidebar-footer .wp-block-categories .cat-item a:hover span.notizia-cat-n-posts, body #notizia-footer .notizia-sidebar-footer .widget_archive li:hover > a span.notizia-archive-n-posts, .notizia-sidebar-footer .wp-block-archives-list li:hover > a span.notizia-archive-n-posts, .notizia-buttons-type-3 #notizia-footer .notizia-button, .notizia-buttons-type-4 #notizia-footer .notizia-button {
    color: #d2d1fa !important;
  }
  
  #notizia-footer .notizia-footer-social-container a {
    border: 2px solid rgba(210, 209, 250, .15);
  }

  #notizia-footer .notizia-post-loop article .notizia-loop-image:after {
    border: 3px solid rgba(210, 209, 250, .6);
  }

  .notizia-sidebar-footer .widget_categories .cat-item:not(.notizia-cat-item-bg) > a, .notizia-sidebar-footer .wp-block-categories .cat-item:not(.notizia-cat-item-bg) > a, .notizia-sidebar-footer .widget_archive li > a, .notizia-sidebar-footer .wp-block-archives-list li > a, .notizia-sidebar-footer .widget_product_categories .cat-item > a, .notizia-buttons-type-3 #notizia-footer .notizia-button, .notizia-buttons-type-4 #notizia-footer .notizia-button {
    border: 2px solid #d2d1fa;
  }
  
  .notizia-footer-border-bottom:after {
    background-color: rgba(210, 209, 250, .1);
  }
  
  .notizia-sidebar-footer .widget_categories .cat-item span.notizia-cat-n-posts, .notizia-sidebar-footer .widget_categories .cat-item:not(.notizia-cat-item-bg) a:hover, .notizia-sidebar-footer .wp-block-categories .cat-item span.notizia-cat-n-posts, .notizia-sidebar-footer .wp-block-categories .cat-item:not(.notizia-cat-item-bg) a:hover, .notizia-sidebar-footer .widget_archive li span.notizia-archive-n-posts, .notizia-sidebar-footer .widget_archive li:hover > a, .notizia-sidebar-footer .wp-block-archives-list li span.notizia-archive-n-posts, .notizia-sidebar-footer .wp-block-archives-list li:hover > a, .woocommerce #notizia-footer .widget_price_filter .ui-slider .ui-slider-range, .woocommerce #notizia-footer .widget_price_filter .ui-slider .ui-slider-handle, .notizia-buttons-type-1 #notizia-footer .widget.notizia-postlist .notizia-loop-load-more .notizia-button, .notizia-buttons-type-2 #notizia-footer .widget.notizia-postlist .notizia-loop-load-more .notizia-button, .notizia-buttons-type-3 #notizia-footer .notizia-button:hover, .notizia-buttons-type-4 #notizia-footer .notizia-button:hover, #notizia-footer .notizia-single-review-score {
    background-color: #d2d1fa;
  } 

  .notizia-sidebar-footer .widget_product_categories .cat-item a:hover {
    background-color: #d2d1fa !important;
  }#notizia-footer a:hover, #notizia-footer h1:hover a, #notizia-footer .notizia-footer-social-container a:hover i {
    color: #8583f1 !important;
  }
  
  .notizia-section-titles-style-2 #notizia-footer aside.notizia-sidebar li.widget .widgettitle {
    background: linear-gradient(rgba(133, 131, 241, 0.3), rgba(133, 131, 241, 0.3)) left bottom no-repeat;
    background-size: 100% 7px;
    background-position: 0px 18px;
  }
  
  .notizia-buttons-type-1 #notizia-footer .widget.notizia-postlist .notizia-loop-load-more .notizia-button:hover, .notizia-buttons-type-2 #notizia-footer .widget.notizia-postlist .notizia-loop-load-more .notizia-button:hover {
    background-color: #8583f1 !important;
  }#notizia-loading-overlay {
    background-color:  #FEFEFE;
  }@media screen and (min-width: 640px) and (max-width: 1120px){.notizia-header-type-2 #notizia-reading-center:before, .notizia-header-type-2 #notizia-user-panel:before {
      border-bottom-color: #F9F9F9;
    }}@media screen and (max-width: 1120px){body.notizia-header-type-2 #notizia-header .notizia-reading-center-icon-container.notizia-reading-center-active svg.feather, .notizia-header-type-2 .notizia-reading-center-icon-container:hover span, body.notizia-header-type-2 #notizia-header .notizia-reading-center-icon-container:hover .feather {
      color: #7172a3 !important;
    }
    
    .notizia-header-type-2 header:not(.notizia-transparent-header) .notizia-reading-center-icon-container.notizia-reading-center-active, .notizia-header-type-2 header:not(.notizia-transparent-header) .notizia-reading-center-icon-container:hover {
      background-color: #ffffff;
    }.notizia-header-type-2 header {
      border-bottom: 1px solid #b2b2e4;
    }}@media screen and (max-width: 768px){.woocommerce-page table.cart .cart_item {
      border: 1px solid rgba(17, 18, 51, .18) !important;
    }
    
    .woocommerce-page table.cart:not(.variations):not(.has-background):not(.woocommerce-grouped-product-list) tr.cart_item {
      background-color: #FEFEFE !important;
    }}
</style>
<link rel='stylesheet' id='font-awesome-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/libraries/fontawesome/css/all.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='swiper-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/libraries/swiper/css/swiper.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='magnific-popup-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/libraries/magnific-popup/magnific-popup.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='hamburgers-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/libraries/hamburgers/hamburgers.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='animate-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/libraries/animate/animate.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='lightbox-css'  href='https://blog.sekoia.io/wp-content/themes/notizia/assets/libraries/lightbox/css/lightbox.min.css?ver=6.0.1' type='text/css' media='all' />
<link rel='stylesheet' id='notizia__google_fonts-css'  href='https://fonts.googleapis.com/css?family=Open+Sans%3Aital%2Cwght%400%2C400%3B0%2C700%3B1%2C400%3B1%2C700&#038;display=swap&#038;ver=6.0.1' type='text/css' media='all' />
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/plugins/notizia-reading-center/assets/libraries/feather-icons/feather.min.js?ver=6.0.1' id='feather-icons-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-includes/js/jquery/jquery.min.js?ver=3.6.0' id='jquery-core-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2' id='jquery-migrate-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/plugins/notizia-reading-center/assets/js/script.js?ver=6.0.1' id='notizia-reading-center-script-js'></script>
<script type='text/javascript' id='notizia-reading-center-ajax-js-extra'>
/* <![CDATA[ */
var alerts = {"rl_added":"Great! This post is now in your Reading List!","rl_removed":"Post successfully removed from your Reading List.","rc_added":"Great! This tag is now in your Reading Center!","rc_removed":"Tag successfully removed from your Reading Center."};
var notiziaUrls = {"ajaxurl":"https:\/\/blog.sekoia.io\/wp-admin\/admin-ajax.php","nonce":"f4c3d525b5"};
/* ]]> */
</script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/plugins/notizia-reading-center/assets/js/ajax.js?ver=6.0.1' id='notizia-reading-center-ajax-js'></script>
<script type='text/javascript' id='notizia-tools-script-js-extra'>
/* <![CDATA[ */
var notizia_Tools_Urls = {"ajaxurl":"https:\/\/blog.sekoia.io\/wp-admin\/admin-ajax.php","nonce":"2907e485a5"};
var localized_tools_string = {"tweet_this":"Tweet this!","login_placeholder":"Your email or username...","password_placeholder":"Your password...","login":"Log in","register":"Register","user_menu":"User","your_profile":"Your profile","logout":"Logout","login_credentials_error":"The credentials are wrong, or you don't have an account on this site.","login_invalid_email":"Unknown email address. Check again or try your username.","login_invalid_username":"Unknown username. Check again or try your email address.","login_incorrect_password":"The password you entered is incorrect.","registration_create_account":"Create account","registration_empty_fields":"One or more mandatory fields are empty. Try again.","registration_invalid_email":"The email address you entered is not valid.","registration_empty_captcha":"We need to be sure you're a real human!","registration_invalid_captcha":"Wrong answer. Sorry, robots aren't allowed to register.","registration_invalid_user":"The username you entered is not valid.","registration_user_exists":"The username already exists in our system.","registration_email_exists":"The email address already exists in our system.","registration_generic_error":"Sorry, something went wrong. Try again.","registration_success":"Great! Your user has been created. You can log in now."};
/* ]]> */
</script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/plugins/notizia-tools/assets/js/script.min.js?ver=6.0.1' id='notizia-tools-script-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.core.min.js?ver=6.0.1' id='foundation-core-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.util.nest.min.js?ver=6.0.1' id='foundation-util-nest-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.util.keyboard.min.js?ver=6.0.1' id='foundation-util-keyboard-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.util.box.min.js?ver=6.0.1' id='foundation-util-box-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.util.touch.min.js?ver=6.0.1' id='foundation-util-touch-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.dropdownMenu.min.js?ver=6.0.1' id='foundation-dropdownMenu-js'></script>
<script type='text/javascript' src='https://blog.sekoia.io/wp-content/themes/notizia/assets/js/foundation/foundation.accordionMenu.min.js?ver=6.0.1' id='foundation-accordionMenu-js'></script>
<link rel="https://api.w.org/" href="https://blog.sekoia.io/wp-json/" /><link rel="alternate" type="application/json" href="https://blog.sekoia.io/wp-json/wp/v2/posts/164" />

	<link rel="icon" href="https://blog.sekoia.io/wp-content/uploads/2022/04/favicon-sekoia-io.png" sizes="32x32" />
<link rel="icon" href="https://blog.sekoia.io/wp-content/uploads/2022/04/favicon-sekoia-io.png" sizes="192x192" />
<link rel="apple-touch-icon" href="https://blog.sekoia.io/wp-content/uploads/2022/04/favicon-sekoia-io.png" />
<meta name="msapplication-TileImage" content="https://blog.sekoia.io/wp-content/uploads/2022/04/favicon-sekoia-io.png" />
		<style type="text/css" id="wp-custom-css">
			.feather-message-circle, .feather-message-circle + span {
    display: none;
}		</style>
		</head>


<body class="post-template-default single single-post postid-164 single-format-standard wp-custom-logo wp-embed-responsive notizia-theme notizia-header-type-1 notizia-buttons-type-1 notizia-section-titles-style-1 notizia-single-sidebar-position-3 notizia-post-header-type-6 notizia-page-header-type-7 notizia-tools notizia-border-radius-on" data-header-type="1" data-show-decorations="1" data-decorations-type="1" data-post-id="164">

    
    
	
			

		
            <script type="application/ld+json">
            {
                "@context": "https://schema.org",
                "@type": "Article",
                "mainEntityOfPage": {
                    "@type": "WebPage",
                    "@id": "https://blog.sekoia.io/walking-on-apt31-infrastructure-footprints/"
                },
                "headline": "Walking on APT31 infrastructure footprints",
                "alternativeHeadline" : "",
                "image": [
                    "https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg"
                ],
                "datePublished": "2021-11-10T11:52:00+01:00",
                "dateModified": "2022-08-16T17:04:33+02:00",
                "author": {
                    "@type": "Person",
                    "name": "Threat & Detection Research Team",
                    "url": "https://blog.sekoia.io/author/tdr/"
                },
                "publisher": {
                    "@type": "Organization",
                    "name": "SEKOIA.IO Blog"
                }
            }
        </script>
    
<div>
    
            <div class="notizia-margin-auto notizia-single-header notizia-single-header-type-6 notizia-single-header-img notizia-bcc notizia-nowhere notizia-animate-scroll notizia-lazy-bg" data-lazy="https://blog.sekoia.io/wp-content/uploads/2022/04/tolu-olarewaju-QfV6AqEwNBw-unsplash-scaled-1.jpg" style="">
                <div class="notizia-dark-overlay">
                </div>
                                <div class="notizia-single-header-content">
                    <div class="grid-container grid-x notizia-main-box notizia-main-box-padding-x">
                        <div class="cell small-12 medium-12 large-7 notizia-categories-container notizia-transparent-categories-container">
                                    <a href="https://blog.sekoia.io/category/blogpost-en/" class="notizia-secondary-color-bg notizia-main-color-text notizia-br-8" title="Blogpost">Blogpost</a>
                                  <div class="notizia-single-title-container">
                                <h1 class="notizia-headline">Walking on APT31 infrastructure footprints</h1>
                            </div>
                                                    </div>
                                                    <div class="cell small-12 medium-12 large-5 notizia-single-tags-container">
                                                                    <div class="notizia-single-tag notizia-headline">
                                                                                <i data-feather="heart" data-id="14" data-action="add" class="notizia-heart-empty notizia-rc-action"></i><a href="https://blog.sekoia.io/tag/apt/">APT</a>
                                    </div>
                                                                    <div class="notizia-single-tag notizia-headline">
                                                                                <i data-feather="heart" data-id="4" data-action="add" class="notizia-heart-empty notizia-rc-action"></i><a href="https://blog.sekoia.io/tag/cti/">CTI</a>
                                    </div>
                                                            </div>
                                            </div>
                </div>
            </div>
            <div class="grid-container grid-x notizia-main-box notizia-single-data-container notizia-margin-auto">
                <div class="notizia-single-author-container cell small-12 medium-12 large-6 notizia-no-padding-left-right">
                    <div class="notizia-author-name">
                        <a class="notizia-author-link notizia-headline-text-color" href="https://blog.sekoia.io/author/tdr/">Threat &#38; Detection Research Team</a>
                        <span class="notizia-single-post-date notizia-main-text-color-text">November 10 2021</span>
                    </div>
                </div>
                <div class="cell small-12 medium-12 large-6 notizia-text-right-only-large">
                </div>
            </div>

        
    
            <div class="grid-container grid-x notizia-main-box notizia-main-box-padding-x notizia-margin-auto notizia-single-main-content-container notizia-start-content-no-padding notizia-nowhere notizia-animate-scroll  ">
            
            
            <div class="cell notizia-single-main-content-container-inner  notizia-has-social-share-icons small-12 notizia-with-no-sidebar">
                


<div class="wp-block-yoast-seo-table-of-contents yoast-table-of-contents"><h2>Table of contents</h2><ul><li><a href="#h-a-brief-on-the-apt31-creature" data-level="2">A brief on the APT31 creature</a></li><li><a href="#h-br-int-apt31" data-level="2">BR|INT APT31</a></li><li><a href="#h-hunting-in-the-apt31-infrastructure-footprints" data-level="2">Hunting in the APT31 infrastructure footprints</a></li><li><a href="#h-implants-seen-during-the-walk" data-level="2">Implants seen during the walk</a></li><li><a href="#h-conclusion" data-level="2">Conclusion</a></li><li><a href="#h-external-references" data-level="2">External references</a></li><li><a href="#h-tactics-techniques-and-procedures-ttps" data-level="2">Tactics, Techniques and Procedures (TTPs)</a></li><li><a href="#h-iocs" data-level="2">IoCs</a><ul><li><a href="#h-domain-names" data-level="3">Domain names</a></li><li><a href="#h-ip-addresses" data-level="3">IP Addresses</a></li><li><a href="#h-yara-rules" data-level="3">Yara Rules</a></li></ul></li></ul></div>



<p>SEKOIA.IO’s Cyber Threat Intelligence team had <strong>an in-depth look at&nbsp; the APT31 intrusion set at the beginning of 2021</strong> when the BfV (Bundesamt für Verfassungsschutz)<a href="https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/2021/bfv-cyber-brief-2021-1.pdf" target="_blank" rel="noreferrer noopener">¹</a>&nbsp;and McAfee²&nbsp;released some new information. A few months later, the French National Cybersecurity Agency (ANSSI) also released a short publication with several IoCs<a href="https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003/" target="_blank" rel="noreferrer noopener">³</a>, showing that the intrusion set was still active and of concern as multiple national agencies had been involved.&nbsp;</p>



<p>All of these <a href="https://blog.sekoia.io/playbooks-yara-rules-iocs-explanation-about-the-news/" target="_blank" rel="noreferrer noopener">IoC</a>s were mainly IP addresses, and <strong>many of them seemed to be linked to SOHO routers</strong>, mostly <a href="https://pakedge.com/" target="_blank" rel="noreferrer noopener">Pakedge</a> routers at the time. With that observation, we investigated more deeply to see if we could find more infrastructure and implants used by this intrusion set.</p>



<span id="more-164"></span>



<h2 id="h-a-brief-on-the-apt31-creature">A brief on the APT31 creature</h2>



<p>APT31 (aka Zirconium or Judgment Panda) is an Advanced Persistent Threat group whose mission is likely to gather intelligence on behalf of the Chinese government. Similar to other nation-state actors, <strong>the group is focusing on data of interest to the PRC</strong> (People’s Republic of China) and its strategic and geopolitical ambitions, rather than on specific verticals.</p>



<p><strong>The Chinese adversaries are considered some of the most prolific state-sponsored cyber actors on the planet.</strong> According to Microsoft’s observations, from July 2020 to June 2021, <a href="https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/" target="_blank" rel="noreferrer noopener">China-based threat actors</a> displayed the strongest interest in targeting critical infrastructure among all the other nation-state threats<a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi" target="_blank" rel="noreferrer noopener">⁴</a>.</p>



<figure class="wp-block-image alignfull"><img src="https://www.sekoia.io/wp-content/uploads/2021/11/image1.jpg" alt="A timeline of the publicly reported APT31-related campaigns" class="wp-image-4929" title=""/></figure>



<p class="has-text-align-center"><em>Figure 1. A timeline of the publicly reported APT31-related campaigns</em></p>



<p>As shown in <em>Figure 1</em> and in alignment with available public reports, APT31 has been active since at least 2013 and its 2021 campaign targeting numerous French entities is still ongoing.</p>



<h2 id="h-br-int-apt31">BR|INT APT31</h2>



<p><a href="https://info.sekoia.io/hubfs/%5BMarketing%5D%20-%20Ebook-analyse/BRINT%20APT31.pdf" target="_blank" rel="noreferrer noopener">Download PDF version</a></p>



<p>Even if the public literature on this <a href="https://blog.sekoia.io/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/" target="_blank" rel="noreferrer noopener">intrusion set</a> is quite limited, APT31 is known to use — among other vectors — spear phishing to get a foothold in the victims’ networks. Although <strong>their recent campaigns weren’t technically sophisticated</strong>, they succeeded in bypassing network defences by employing only legitimate websites and services to host their implants (GitHub) and to interact with them once executed on the victims’ workstations (use of the Dropbox API)<a href="https://www.zscaler.fr/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses-legitimate-online" target="_blank" rel="noreferrer noopener">⁵</a>. It has also been spotted targeting organizations via SQL injection attacks, as well as leveraging stolen credentials to gain initial access.</p>



<p><strong>APT31 and other Chinese state–backed actors have been lately the object of several European governments’ attribution statements.</strong> Back in July 2021, the UK accused the Chinese Ministry of State Security (MSS) of supporting the APT31 group’s activities<a href="https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking" target="_blank" rel="noreferrer noopener">⁶</a>. At nearly the same time, the EU detected malicious cyber activities with significant effects that <strong>targeted key European industries</strong> and linked them to APT31<a href="https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/">⁷</a>. In both cases, official statements mentioned APT31 alongside another Chinese attacker group — APT40.&nbsp;</p>



<p>Moreover, <strong>authorities suspect APT31 </strong><strong>to be a group of contractors working directly for China’s MSS</strong>, or even members of the People’s Liberation Army (PLA) Strategic Support Force, as reported by other sources.</p>






<h2 id="h-hunting-in-the-apt31-infrastructure-footprints">Hunting in the APT31 infrastructure footprints</h2>



<p>APT31 is one of the few intrusion sets known to have been seen compromising SOHO routers to compose its operational infrastructure, since at least November 2019, date on which a sample of the backdoor used on compromised routers was uploaded to VirusTotal for analysis (MD5: 77c73b8b1846652307862dd66ec09ebf). However, this implant can be much older as there is no compilation date associated with ELF files.&nbsp;</p>



<p>The Operational Relay Boxes (ORB) associated with this infrastructure are used as proxies for frontal attacks, active and passive reconnaissance and also as command and control servers for several implants. <strong>Till today, we don’t know how they compromised these routers.</strong> It is likely that they used a mix of known and unknown vulnerabilities to achieve remote code execution in order to drop their implants and other redirector tools.&nbsp;</p>



<p>We found ways and heuristics to illuminate some parts of their infrastructure and track it over time. <strong>The C2 domains used by this intrusion set have several characteristics</strong> such as:&nbsp;</p>



<ul><li>Patterns: lots of domains had technical strings such as “update”, “check”, “cloud” or “service” along with some IOT/router’s brands (Mikrotik, Netgear, Qnap, Nec).</li></ul>



<ul><li>DNS configuration: most of them don’t resolve anything without an appropriate subdomain such as “www”, “api”, “sso” etc.</li></ul>



<ul><li>DNS providers: APT31 mainly uses four DNS providers: Monovm, Cloudflare, Topdns and most recently Hosteons, which we’ve seen used only for two domains so far.&nbsp;</li></ul>



<ul><li>Fake registrant and associated email: the name is mostly composed like a real name (<em>eg.</em> Joseph Edwards) with an associated email address using protonmail.ch, email.cz, post.cz or inbox.lv.</li></ul>



<ul><li>The resolution timeframe of these domains doesn’t exceed a few days, which is also relevant from an analyst’s point of view.&nbsp;</li></ul>



<p>As the domains were resolving to SOHO routers, it was also possible to track them using this particularity. Indeed, <strong>it is relatively rare that a domain from these DNS providers points to some domestic autonomous systems.</strong></p>



<p>On the other hand, the network appliances compromised by APT31 have technical characteristics (<em>eg.</em> administration panels, specific certificates or banners) allowing anybody to recover thousands of IP addresses using them. By using passive DNS resolutions on these IP addresses, it was possible to discover new C2s when an observed FQDN pointing to them had the previously mentioned characteristics.</p>



<p>Finally, <strong>we discovered </strong><strong>nearly 50 IP addresses and 34 domain names</strong> following ANSSI’s publication, with an overlap of one IP address resolved by the domain www.fwcheck[.]com. The table below summarises the brands of network appliances that composed the C2 infrastructure used by APT31 until July 2021. The confidence value depends on the number of heuristics (explained above) that matched as well as on whether other sources already mentioned the C2 or not.</p>



<figure class="wp-block-table alignfull"><table><thead><tr><th>Brand seen on C2</th><th>Number of C2s</th><th>Confidence</th></tr></thead><tbody><tr><td>Pakedge</td><td>41</td><td>High</td></tr><tr><td>CyberOAM</td><td>3</td><td>High</td></tr><tr><td>Netgear VPN firewall</td><td>2</td><td>Low</td></tr><tr><td>D-LINK</td><td>1</td><td>Low</td></tr><tr><td>Others</td><td>5</td><td>Low</td></tr></tbody></table></figure>



<p>Since July 2021, we have observed a shift in their infrastructure. <strong>They left their historical “Pakedge infrastructure”</strong> and moved it to new clusters composed this time of several other brands and nameservers in order to avoid infrastructure illumination by analysts.&nbsp;</p>



<p>Since then, it has become more difficult to follow their tracks although we can still see several new C2s such as neccloud[.]net — resolving to 5.252.176[.]102, a server under the MivoCloud umbrella — or netgearcloud[.]net, resolving to a domestic IP address based in Sweden on September 22, 2021. We link these domains to APT31 with high confidence as they match most of the infrastructure heuristics established during the investigation.&nbsp;</p>



<p>However, it’s worth noting that not all their Operational Relay Boxes are resolved by domain names. Consequently, the IoCs list provided at the end of this blogpost is obviously non-exhaustive and <strong>shows only a small fraction of their operational infrastructure</strong> used for attacks in 2021.</p>






<h2 id="h-implants-seen-during-the-walk">Implants seen during the walk</h2>



<p>By looking at the implants connecting to this infrastructure in open source, <strong>we have been able to get several implants</strong>, that we assess were used by APT31 during their operations, such as <a href="https://blog.sekoia.io/hunting-and-detecting-cobalt-strike/" target="_blank" rel="noreferrer noopener">Cobalt Strike</a> beacons and an ELF implant dubbed “unifi-video” (MD5: 4640805c362b1e5bee5312514dd0ab2b), impersonating a well known IOT brand.</p>



<figure class="wp-block-image alignfull"><img src="https://www.sekoia.io/wp-content/uploads/2021/11/image2.png" alt="Links between some APT31 campaigns, indicators and malware/tools from SEKOIA.IO Intelligence Center." class="wp-image-4931" title=""/></figure>



<p><em>Figure 2. Links between some APT31 campaigns, indicators and malware/tools from </em><a href="https://app.sekoia.io/intelligence/objects/intrusion-set--89f742c4-1479-4909-a348-b146bc92d28d" target="_blank" rel="noreferrer noopener"><em>SEKOIA.IO Intelligence Center</em></a><em>.</em></p>



<p>Among standard red-teaming tools, <strong>APT31 seems to be using Cobalt Strike as an </strong><strong><em>n-</em></strong><strong>stage</strong> implant to persist inside the victim’s network. As shown in the table below, several beacons connecting to the “Pakedge infrastructure” have been sent to VirusTotal packed in a PE. It is worth noting that as they have been packed in an executable file, each hash identifies only that packed file, so <strong>the corresponding hash can’t be used to hunt for APT31 in your network.</strong></p>



<figure class="wp-block-table alignfull"><table><thead><tr><th>Packed beacons MD5 hashes</th><th>Associated C2</th></tr></thead><tbody><tr><td>f707759e05ab58296071ec50cc04c9fc</td><td>fdexcute[.]com</td></tr><tr><td>dc30a177a104717d652a49887851f033</td><td>api[.]ontracting[.]com</td></tr><tr><td>362057b23605d83130bdeac749d404f2</td><td>www[.]cypolicy[.]com</td></tr><tr><td>0d71876ba535cde68c21aa9b3bb063d1</td><td>www[.]winservicecloud[.]com</td></tr></tbody></table></figure>



<p>Last but not least, our Cobalt Strike trackers spotted two Cobalt Strike listeners on the discovered infrastructure:</p>



<figure class="wp-block-table alignfull"><table><thead><tr><th>Domain</th><th>IP address</th><th>Description</th></tr></thead><tbody><tr><td>www[.]gsncloud[.]com</td><td>68.146.18[.]127</td><td>Cobalt Strike Malleable C2 Jquery profile from 22/03/2021 to 29/04/2021</td></tr><tr><td>api[.]tfhjugo[.]com</td><td>83.81.73[.]23</td><td>Cobalt Strike default headers on port 443 from 21/04/2021 to 17/05/2021</td></tr></tbody></table></figure>



<p>Unfortunately, the configurations associated with the discovered Cobalt Strike beacons are pretty common and prevented us from getting more discriminant indicators linked to their use of Cobalt Strike.&nbsp;</p>



<p>During the hunting, we found an ELF implant on VirusTotal<a href="https://www.virustotal.com/gui/file/e1999a3e5a611312e16bb65bb5a880dfedbab8d4d2c0a5d3ed1ed926a3f63e94/details" target="_blank" rel="noreferrer noopener">⁸</a>&nbsp;which matched the C2 —&nbsp; hardcoded in the sample — www[.]moperfectstore[.]com. <strong>We attribute this domain with medium to high confidence to APT31</strong> as it resolved to Pakedge and CyberOAM appliances and matches some domain heuristics described above. As the domain didn’t have any existence prior to 2021, we assess with medium to high confidence that the implant was used by APT31.&nbsp;</p>



<p>This implant, dubbed “unifi-video” (MD5: 4640805c362b1e5bee5312514dd0ab2b), is a statically-linked stripped 64bits ELF. <strong>Unifi-video is a well known legitimate software</strong> that describes itself as a “Centralized management system for <em>Ubiquiti UniFi</em> surveillance cameras”. It therefore echoes the compromised-appliance infrastructure used by APT31.&nbsp;</p>



<p>When analysing the file, we noticed several routines overlapping with a known minimalistic Unix backdoor named Rekoobe, which was covered previously by a few cybersecurity vendors such as Dr Web<a href="https://vms.drweb.com/virus/?i=7754026&amp;lng=en">⁹</a> and Intezer<a href="https://www.intezer.com/blog/malware-analysis/linux-rekoobe-operating-with-new-undetected-malware-samples/" target="_blank" rel="noreferrer noopener">¹⁰</a>.&nbsp;</p>



<p>However, several questions remain unanswered regarding the real APT31 and Rekoobe connection.&nbsp;</p>



<p>First, we don’t know at the time of writing whether Rekoobe’s source code is shared between different threat actors or if Rekoobe has been operated by APT31 since it was first discovered in 2015. Moreover, if APT31 operated this sample of Rekoobe, <strong>there is no indication whether this implant is used in the infrastructure or to persist in an appliance of a final victim</strong>, somewhere.</p>



<p>ERRATUM (12/11/2021): While we initially thought that the implant (4640805c362b1e5bee5312514dd0ab2b) was linked to Rekoobe, the security researcher Billy Leonard pointed out on Twitter [<a href="https://twitter.com/billyleonard/status/1458531997576572929">Billy Leonard&#8217;s tweet</a>] that it was actually Tiny SHell [<a href="https://github.com/creaktive/tsh">GitHub repo</a>], with which we definitely agree. Tiny SHell has been used by multiple threat actors for several years now and it is not surprising to see APT31 using it.</p>






<h2 id="h-conclusion">Conclusion</h2>



<p>Despite the lack of open source literature on this intrusion set, <strong>APT31 has remained for years a prolific threat to many occidental entities working on government and strategic issues</strong>. As of today, we don’t have a clear view of what they are looking for once they have compromised the networks, whether it is pre-positioning or data theft.</p>



<p>This blog post aimed to disclose some of their operational infrastructure and tools used this year so that you can look for possible compromises in your networks.&nbsp;</p>



<p>If you are also investigating APT31, don’t hesitate to share your thoughts with us at threatintel@sekoia.fr to better understand and track down their infrastructure.</p>



<h2 id="h-external-references">External references</h2>



<p><strong>¹</strong> <a href="https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/2021/bfv-cyber-brief-2021-1.pdf" target="_blank" rel="noreferrer noopener">Bedrohung deutscher Stellen durch Cyberangriffe der Gruppierung APT31</a></p>



<p><strong>²</strong> MVISION Insights: Potential APT31 Activity Against Political Targets,</p>



<p><strong>³</strong> <a href="https://www.cert.ssi.gouv.fr/ioc/CERTFR-2021-IOC-003/" target="_blank" rel="noreferrer noopener">Campagne d’attaque du mode opératoire APT31 ciblant la France</a></p>



<p><strong>⁴</strong> <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi" target="_blank" rel="noreferrer noopener">FY21 Microsoft Digital Defense Report</a></p>



<p><strong>⁵</strong> <a href="https://www.zscaler.fr/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses-legitimate-online" target="_blank" rel="noreferrer noopener">APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services</a></p>



<p><strong>⁶</strong> <a href="https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking" target="_blank" rel="noreferrer noopener">UK and allies hold Chinese state responsible for a pervasive pattern of hacking</a></p>



<p><strong>⁷</strong> <a href="https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/" target="_blank" rel="noreferrer noopener">China: Declaration by the High Representative on behalf of the European Union urging Chinese authorities to take action against malicious cyber activities undertaken from its territory</a></p>



<p><strong>⁸</strong> <a href="https://www.virustotal.com/gui/file/e1999a3e5a611312e16bb65bb5a880dfedbab8d4d2c0a5d3ed1ed926a3f63e94/details" target="_blank" rel="noreferrer noopener">Sample 4640805c362b1e5bee5312514dd0ab2b</a></p>



<p><strong>⁹</strong> <a href="https://vms.drweb.com/virus/?i=7754026&amp;lng=en" target="_blank" rel="noreferrer noopener">Linux.Rekoobe.1</a></p>



<p><strong>¹⁰</strong> <a href="https://www.intezer.com/blog/malware-analysis/linux-rekoobe-operating-with-new-undetected-malware-samples/" target="_blank" rel="noreferrer noopener">Linux Rekoobe Operating with New, Undetected Malware Samples</a></p>



<h2 id="h-tactics-techniques-and-procedures-ttps">Tactics, Techniques and Procedures (TTPs)</h2>



<ul><li>Exploit Public-Facing Application (T1190)</li><li>Non-Application Layer Protocol (T1095)</li><li>Application Layer Protocol (T1071)</li><li>Process Injection (T1055)</li><li>Phishing (T1566)</li><li>Compromise Infrastructure (T1584)</li><li>Acquire Infrastructure (T1583)</li><li>Develop Capabilities: Malware (T1587.001)</li><li>Obtain Capabilities: Malware (T1588.001)</li></ul>



<h2 id="h-iocs">IoCs</h2>



<p>The IOCs are provided “as is”. The domain names are a reliable way to hunt APT31 in your network logs, but the IP addresses can produce false positives as most of them belong to legitimate home routers. The indicators listed below are defanged (“[.]”), so restore the dots before loading them into detection tooling. All the IOCs can be downloaded in JSON STIX2.1 and CSV formats on the SEKOIA.IO Github: <a rel="noreferrer noopener" href="https://github.com/SEKOIA-IO/Community/tree/main/IOCs" target="_blank">https://github.com/SEKOIA-IO/Community/tree/main/IOCs</a></p>



<h3 id="h-domain-names">Domain names</h3>



<pre class="wp-block-preformatted">netgearcloud[.]net
neccloud[.]net
netgear-update[.]com
www[.]netgearupdatecheck[.]com
ns[.]netgear-update[.]com
www[.]winserviceupdate[.]com
winserviceupdate[.]com
www[.]pi-hole[.]us
www[.]qnapphoto[.]com
update[.]hardis-software[.]com
www[.]moperfectstore[.]com
info[.]miksupport[.]com
api[.]ontracting[.]com
www[.]fwcheck[.]com
portal[.]icb-transer[.]com
www[.]cypolicy[.]com
remotetimecheck[.]com
api[.]tfhjugo[.]com
www[.]camupdatecheck[.]com
www[.]jsonamazon[.]com
www[.]serverupdatecheck[.]com
www[.]nas-timesync[.]com
www[.]mikupdate[.]com
www[.]mikrotikupdate[.]com
www[.]winservicecloud[.]com
www[.]sophosfwupdate[.]com
www[.]deviceupdatecheck[.]com
sso[.]futuremixed[.]com
futuremixed[.]com
support[.]deviceupdatecheck[.]com
www[.]figaro-news[.]com
www[.]switch-netgear[.]com
www[.]veritasdiag[.]com
fdexcute[.]com
www[.]fdexcute[.]com
www[.]miksupport[.]com
status[.]veritasdiag[.]com
www[.]deviceupdatesupport[.]com
www[.]keys-networks[.]com
srv[.]keys-networks[.]com
keys-networks[.]com
www[.]oslookup[.]com
www[.]gsncloud[.]com</pre>



<h3 id="h-ip-addresses">IP Addresses</h3>



<pre class="wp-block-preformatted">213[.]21[.]100[.]188
108[.]46[.]133[.]103
108[.]54[.]184[.]30
116[.]86[.]137[.]232
158[.]174[.]170[.]19
184[.]75[.]129[.]113
185[.]129[.]252[.]187
185[.]130[.]165[.]59
185[.]89[.]55[.]24
185[.]96[.]198[.]75
188[.]165[.]73[.]52
189[.]121[.]150[.]254
213[.]238[.]234[.]249
217[.]210[.]180[.]113
217[.]211[.]53[.]251
45[.]147[.]229[.]194
50[.]71[.]100[.]164
58[.]182[.]61[.]137
58[.]96[.]237[.]98
71[.]64[.]151[.]132
73[.]229[.]137[.]54
78[.]82[.]247[.]37 
81[.]227[.]88[.]108
81[.]232[.]51[.]161
81[.]234[.]227[.]62
81[.]236[.]182[.]199
81[.]83[.]4[.]48
82[.]127[.]26[.]151
82[.]136[.]76[.]142
83[.]253[.]189[.]234
83[.]81[.]73[.]23
84[.]23[.]132[.]127
85[.]166[.]160[.]50
85[.]226[.]191[.]68
85[.]229[.]70[.]242
86[.]4[.]247[.]233
88[.]129[.]239[.]96
88[.]129[.]39[.]248
88[.]88[.]141[.]177
89[.]31[.]225[.]131
89[.]31[.]228[.]228
89[.]31[.]228[.]238
90[.]224[.]137[.]58
91[.]117[.]133[.]53
91[.]235[.]247[.]248
93[.]240[.]145[.]166
95[.]236[.]16[.]215
95[.]34[.]0[.]182
96[.]89[.]114[.]192
98[.]128[.]185[.]162
99[.]252[.]170[.]14
68[.]146[.]18[.]127
5[.]252[.]176[.]102
</pre>



<h3 id="h-yara-rules">Yara Rules</h3>



<pre class="wp-block-code"><code>rule unk_apt31_tsh_2021 {
    // Targets the ELF sample dubbed "unifi-video" in this article, which the
    // erratum identifies as Tiny SHell (TSH).
    meta:
        description = "Detect APT31-linked TSH sample. This rule is quite specific with the $s3 string. We would advise removing this string to cover other TSH samples."
        version = "1.0"
        creation_date = "2021-10-11"
        modification_date = "2021-10-11"
        classification = "TLP:WHITE"
        // MD5 of the reference sample, as quoted in the article text.
        hash = "4640805c362b1e5bee5312514dd0ab2b"
        source="SEKOIA.IO"
        // NOTE(review): repeats the version entry already given above.
        version="1.0"
    strings:
        // Run of single-byte stores (C6 00 imm8, then C6 40 disp8 imm8). Ordered by
        // displacement 0 to 9 the immediates are 48 49 53 54 46 49 4C 45 3D 00, which
        // is the ASCII text "HISTFILE=" plus a terminating NUL, written byte by byte.
        // Presumably this keeps the text out of a plain strings listing; confirm
        // against the sample.
        $s1 = { C6 00 48 C6 40 05 49 C6
        40 01 49 C6 40 06 4C C6
        40 02 53 C6 40 07 45 C6
        40 03 54 C6 40 08 3D C6
        40 04 46 C6 40 09 00 }

        // Same store pattern for displacements 0, 3, 1 and 4 with immediates
        // 54 4D 45 3D ('T', 'M', 'E', '='). The store for displacement 2 is not part
        // of the pattern; the text is presumably "TERM=" (to be confirmed).
        $s2 = { C6 00 54 C6 40 03 4D C6
        40 01 45 C6 40 04 3D }

        // C2 domain the article reports as hardcoded in the sample. Because the
        // condition requires every string, this ties the rule to that one C2.
        $s3 = "www.moperfectstore.com"
    condition:
        // ELF magic (7F 45 4C 46) at offset 0, file size between 900KB and 1MB,
        // and all three strings present.
        int32be(0) == 0x7f454c46 and
        filesize &lt; 1MB and filesize &gt; 900KB and
        all of them
}

rule apt_misp_apt31_orb_2021 {   
    // Targets the backdoor sample from compromised routers whose MD5 the article
    // cites in the infrastructure section (Operational Relay Box implant).
    meta:
        description = "Detects APT31 ORB implant"
        version = "1.0"
        creation_date = "2021-10-11"
        modification_date = "2021-10-11"
        classification = "TLP:WHITE"
        // MD5 of the reference sample, as quoted in the article text.
        hash = "77c73b8b1846652307862dd66ec09ebf"
	  source="SEKOIA.IO"
        // NOTE(review): repeats the version entry already given above.
        version="1.0"
    strings:
        // Plain-text command template, HTTP request line and error messages
        // expected in the implant.
        $s1 = "mv -f %s %s ;chmod 777 %s"
        $s2 = "GET /plain HTTP/1.1"
        $s3 = "exc_cmd time out"
        $s4 = "exc_cmd pipe err"
        // Bytes "./", then a jump of 1 to 10 arbitrary bytes, then two spaces
        // followed by "del".
        $s5 = { 2e 2f &#91;1-10] 20 20 64 65 6c }

    condition:
        // ELF magic (7F 45 4C 46) at offset 0, file size between 400KB and 800KB,
        // and at least four of the five strings, so one string may be absent.
        int32be(0) == 0x7f454c46 and 
        filesize &lt; 800KB and          filesize &gt; 400KB and 
        4 of ($s*)
}
</code></pre>



<p>Thank you for reading this article. You can also read our article on: <a href="https://blog.sekoia.io/msdt-abused-to-achieve-rce-on-microsoft-office/" target="_blank" rel="noreferrer noopener">MSDT abused to achieve RCE on Microsoft Office</a>.</p>



  <div class="notizia-clearfix"></div>
                  <div class="notizia-no-author-box-border"></div>
  
            </div>

                    </div>
    
</div>












    

  </body>
</html>
